
Re: which iptables entries are needed for custom ftp service

 
Debbie Fleith
Regular Advisor

which iptables entries are needed for custom ftp service

I'm getting "no route to host" errors when trying to send or retrieve files from my new RH 5 Linux system, using a custom ftp service that we implemented years ago.

Our /etc/services entries for this ftp service are:
adaftp-data 3020/tcp
adaftp 3021/tcp

Do I need to add both of these tcp ports to my iptables configuration?
8 REPLIES
slydmin
Advisor

Re: which iptables entries are needed for custom ftp service

Could you provide more information?

Assuming the FTP service is on this new RH 5 Linux system, can you ping to this server?

If you are able to ssh/console login to the server, do a netstat -ant to make sure ftp is listening on that port 3021.

Jeeshan
Honored Contributor

Re: which iptables entries are needed for custom ftp service

Maybe you have no route entry to other hosts.

You don't need to add adaftp-data in iptables. You can add an entry for port 21 in iptables.
a warrior never quits
skt_skt
Honored Contributor

Re: which iptables entries are needed for custom ftp service

Disable the IP table if not mandatory. Try to configure/test the normal ftp first and make sure that is working by itself.
skt_skt
Honored Contributor

Re: which iptables entries are needed for custom ftp service

Enabling ftp logging in Linux can give more verbose information when you look at /var/log/vsftpd.log

• Update /etc/vsftpd/vsftpd.conf with xferlog_std_format=NO from xferlog_std_format=YES


When enabled, all FTP requests and responses are logged, providing the option xferlog_std_format is not enabled. Useful for debugging.

Default: NO

• Add log_ftp_protocol=YES at the end of /etc/vsftpd/vsftpd.conf

• Uncomment xferlog_file=/var/log/vsftpd.log in /etc/vsftpd/vsftpd.conf

Default log file is /var/log/xferlog


• Restart the vsftpd service


Debbie Fleith
Regular Advisor

Re: which iptables entries are needed for custom ftp service

Normal vsftpd is working fine. If I disable iptables, I don't have the problem. Yes, I can ping this server and ssh into it.

How do I determine if iptables is mandatory? If this server is going into a LAN that has a firewall already, can I safely keep iptables disabled?
Jeeshan
Honored Contributor

Re: which iptables entries are needed for custom ftp service

You figure out yourself what your scenario is.

If you want to make the system more secure then keep iptables, but make sure you can access significant services.

Another thing is you need not set iptables entries at the software or service level; you can specify them on a tcp or udp port basis, because a software or service level may need another tcp or udp port that may be blocked.
a warrior never quits
Debbie Fleith
Regular Advisor

Re: which iptables entries are needed for custom ftp service

More details...
Yes, the ftp service is listening on port 3021.
When I have 3021/tcp enabled in iptables, I can get an ftp connection established to port 3021, but I get "no route to host" when trying to transfer files.
When I have iptables enabled but without any reference to my custom ftp ports, I get "no route to host" errors when trying to establish the connection.
skt_skt
Honored Contributor

Re: which iptables entries are needed for custom ftp service

When you already have a firewall set up at the network level, then a Linux-level firewall is not mandatory.
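
Added example (not part of any poster's reply and not code from the thread): a simplified first-match walk over an iptables-save ruleset. It shows why opening only 3021 lets the control connection through while a new connection to 3020 reaches the final REJECT, whose icmp-host-prohibited reply clients report as "no route to host". The sample ruleset is constructed; the chain name RH-Firewall-1-INPUT, the interface eth0 and the function names are assumptions.

```python
import shlex

# Constructed sample (iptables-save format), assumed to resemble a stock
# RHEL 5 ruleset after only the control port 3021 has been opened.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3021 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def _port_matches(spec, port):
    """True if an iptables --dport value ('3021' or '3020:3021') covers port."""
    low, _, high = spec.partition(":")
    return int(low) <= port <= int(high or low)

def verdict_for_new_tcp(rules_text, dport, chain="RH-Firewall-1-INPUT", iface="eth0"):
    """First terminating verdict for a NEW inbound TCP connection to dport.
    Simplified: understands only -i, -p, --state, --dport and -j, and assumes
    every option is followed by exactly one value."""
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if opts.get("-i", iface) != iface or opts.get("-p", "tcp") != "tcp":
            continue
        if "NEW" not in opts.get("--state", "NEW").split(","):
            continue  # ESTABLISHED,RELATED rules do not match a brand-new connection
        if "--dport" in opts and not _port_matches(opts["--dport"], dport):
            continue
        target = opts.get("-j")
        if target == "REJECT":
            return "REJECT " + opts.get("--reject-with", "icmp-port-unreachable")
        if target in ("ACCEPT", "DROP"):
            return target
    return "RETURN"  # fell off the end of the user-defined chain

if __name__ == "__main__":
    for port in (3021, 3020):  # adaftp and adaftp-data from /etc/services
        print(port, verdict_for_new_tcp(SAMPLE_RULES, port))
```

Feeding it the output of `iptables-save` from the affected host shows which of the service's ports reach an ACCEPT rule before the catch-all REJECT.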